From 5c716146e8aee16b46a2144c199b922c13fd00ba Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Feb 2010 16:34:33 +1100 Subject: examples: add bind9 patches for TSIG-GSS support We will point at these from the Samba4 HOWTO --- ...-the-question-section-in-update-responses.patch | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch (limited to 'examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch') diff --git a/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch b/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch new file mode 100644 index 0000000000..3716dd4ab6 --- /dev/null +++ b/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch @@ -0,0 +1,29 @@ +From 1d97835f07fd5142187629941422f87b33015414 Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Wed, 17 Feb 2010 10:47:59 +1100 +Subject: [PATCH 1/5] leave the question section in update responses. + +This fixes TSIG-GSS updates from windows7 and w2k8r2, which require +the question to be included in the initial refusal for the unsigned +update. +--- + lib/dns/message.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/lib/dns/message.c b/lib/dns/message.c +index b541635..ae4965f 100644 +--- a/lib/dns/message.c ++++ b/lib/dns/message.c +@@ -2474,7 +2474,8 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) { + if (!msg->header_ok) + return (DNS_R_FORMERR); + if (msg->opcode != dns_opcode_query && +- msg->opcode != dns_opcode_notify) ++ msg->opcode != dns_opcode_notify && ++ msg->opcode != dns_opcode_update) + want_question_section = ISC_FALSE; + if (want_question_section) { + if (!msg->question_ok) +-- +1.6.3.3 + -- cgit